Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
LinkedIn

Building a Secure Auth System in Next.js

You need these features: - Session management - Access and refresh tokens - Token rotation - OTP verification - Password resets - Device logout I used JWT access tokens. These are short. Refresh ...
LinkedIn

Browser APIs for Faster Web Development

- WebAuthn Build secure login experiences using biometrics and passkeys. Over the next 10 weeks, I will cover: - Intersection Observer - Resize Observer - Mutation Observer - Web Storage - Clipboard ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
The Hacker News

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Graham Cluley

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single ...
GitHub

Sehab121/awesome-openclaw-skills-CN

ui-design-system - UI design system toolkit for Senior UI Designer ui-skills - Opinionated constraints for building better interfaces with agents. ui-ux-master - Master UI/UX design skill combining ...